General
-
Target
8e1fcf2e2303870540176fad91c66b85_JaffaCakes118
-
Size
195KB
-
Sample
241103-3w34psxkay
-
MD5
8e1fcf2e2303870540176fad91c66b85
-
SHA1
2fabd935e7a1afef8c4fc2f24c5ee31ae30bd330
-
SHA256
09a94c80d7d0d5bcefdac4197ddf9d50d512ca5398bd5343459c04a4b8fe4bc2
-
SHA512
2895f357c53f00c8e2281ea7333fbc08ca49a832eaea244626a3d153e2a3e33cfade9e0a4f8ab4a86df3b8c0b3aa9841e8fdca09157ba9d0e616f48b2dcb0add
-
SSDEEP
3072:vsG6C5Juicvr8JTdsaE+6ORrBC6p5PpSr+OaO5IbuIc3AhaXh56sCcr9ASB7ao+a:vsGCvrMsa6UCsviAO5rY4WNcr9ASIVQJ
Malware Config
Targets
-
-
Target
8e1fcf2e2303870540176fad91c66b85_JaffaCakes118
-
Size
195KB
-
MD5
8e1fcf2e2303870540176fad91c66b85
-
SHA1
2fabd935e7a1afef8c4fc2f24c5ee31ae30bd330
-
SHA256
09a94c80d7d0d5bcefdac4197ddf9d50d512ca5398bd5343459c04a4b8fe4bc2
-
SHA512
2895f357c53f00c8e2281ea7333fbc08ca49a832eaea244626a3d153e2a3e33cfade9e0a4f8ab4a86df3b8c0b3aa9841e8fdca09157ba9d0e616f48b2dcb0add
-
SSDEEP
3072:vsG6C5Juicvr8JTdsaE+6ORrBC6p5PpSr+OaO5IbuIc3AhaXh56sCcr9ASB7ao+a:vsGCvrMsa6UCsviAO5rY4WNcr9ASIVQJ
Score10/10-
ModiLoader, DBatLoader
ModiLoader is a Delphi loader that misuses cloud services to download other malicious families.
-
Modiloader family
-
UAC bypass
-
ModiLoader Second Stage
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Adds Run key to start application
-
Checks whether UAC is enabled
-
UPX packed file
Detects executables packed with UPX/modified UPX open source packer.
-
MITRE ATT&CK Enterprise v15
Privilege Escalation
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Boot or Logon Autostart Execution
1Registry Run Keys / Startup Folder
1Defense Evasion
Abuse Elevation Control Mechanism
1Bypass User Account Control
1Impair Defenses
1Disable or Modify Tools
1Modify Registry
3